
about:blank removal


  • This topic is locked
50 replies to this topic

#1 leftycarvin

leftycarvin

  • Members
  • 26 posts

Posted 08 January 2013 - 10:22 AM

Hello, I am new to the forum - what a fantastic resource. I have a Dell OptiPlex 760 desktop that I believe has some sort of redirect malware. To date I have run: AdAware, Trend Micro Antivirus (office version), Malwarebytes, TDSSKiller, AdwCleaner, RogueKiller, and cleaned things up with CCleaner. My computer is running WAY better. However, Internet Explorer still reverts back to about:blank as my homepage. I have tried restoring the defaults for Internet Explorer and that didn't help. Trend Micro quarantined a trojan and Malwarebytes removed a recycler trojan if that is any help. Thanks


 


#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 09 January 2013 - 12:05 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days. :)


Hello there, leftycarvin

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 09 January 2013 - 12:06 AM

Hello there,

I know you have done quite a number of self fixes, but before I can continue to help you, I would need to get some logs for more information.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
DDS log
aswMBR log
TDSSKiller log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 leftycarvin

leftycarvin
  • Topic Starter

  • Members
  • 26 posts

Posted 09 January 2013 - 05:00 PM

Thanks for the quick response; this is a computer at my office so I will be responding on the days I work (Tue, Thurs, Sat). I may also bring the desktop home with me to get the process done quicker. I am hoping to get you some logs tomorrow. Thanks for your patience.

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 09 January 2013 - 09:55 PM

Sure :)

#6 leftycarvin

leftycarvin
  • Topic Starter

  • Members
  • 26 posts

Posted 10 January 2013 - 08:00 AM

I am having difficulty disabling Trend Micro office. The computer I am trying to clean is a satellite computer on a network. The Trend antivirus is on the server and goes out to the computers on the network. It looks like I will have to disable it at the network if it is necessary to do so. On the Trend business support forum they did not recommend this. How should I proceed?

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2013 - 08:11 AM

Do you have an IT department that can solve the malware problem for you?

#8 leftycarvin

leftycarvin
  • Topic Starter

  • Members
  • 26 posts

Posted 10 January 2013 - 08:20 AM

I am the IT department. I have a small dental practice; the server has 5 satellite computers. I have gotten some tech support in the past for certain problems, I find that most of the time I am just as good at solving the problems and I can get it done quicker. However, if it looks as if this will be a difficult problem I have no problem getting some help. This problem appears to be almost solved, however there is something still lingering to redirect the homepage.

#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2013 - 10:13 AM

If you disable Trend Micro on the network, that would disable computers at your premises too I suppose.

Go ahead and run those tools with Trend Micro running. Hopefully it will be able to pass through that.

#10 leftycarvin

leftycarvin
  • Topic Starter

  • Members
  • 26 posts

Posted 10 January 2013 - 10:42 AM

Here are the first 2 logs. As I run the reports I will keep sending them.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by dtech at 10:55:07 on 2013-01-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3292.2583 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
z:\RUN\DTWIN.EXE
C:\vixwin\vixwin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.live.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Egpuduos] "c:\documents and settings\dtech\application data\ahly\yknie.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\\isuspm.exe -scheduler
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\DelTemp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deltemp.lnk - c:\DelTemp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://w2k3server:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://w2k3server:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://w2k3server:4343/officescan/console/html/root/AtxEnc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253025680703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: Interfaces\{D392337D-3174-4613-9D0F-7CE24F86BA43} : NameServer = 10.0.0.10
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dtech\application data\mozilla\firefox\profiles\nwf4t6y6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-23 64512]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-8-21 24064]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-9-16 59152]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2009-5-22 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2009-5-22 36664]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-8-21 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-8-21 144480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-23 689680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2012-12-27 23:26:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-27 22:43:29 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-27 22:43:25 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-12-27 22:43:24 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-12-20 13:44:35 22064 ----a-w- c:\windows\DCEBoot.exe
2012-12-19 21:53:47 181808 ----a-w- c:\windows\RegBootClean.exe
2012-12-19 21:52:16 -------- d-----w- c:\documents and settings\dtech\application data\Heacv
2012-12-19 21:52:16 -------- d-----w- c:\documents and settings\dtech\application data\Eqto
2012-12-19 21:52:16 -------- d-----w- c:\documents and settings\dtech\application data\Ahly
.
==================== Find3M ====================
.
2012-12-27 23:28:33 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 19:42:25 1409 ----a-w- c:\windows\QTFont.for
2012-10-23 13:01:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 13:01:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:55:49.75 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/15/2009 10:19:18 AM
System Uptime: 1/10/2013 7:58:13 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0M863N
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz | CPU | 2792/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 48.529 GiB free.
D: is CDROM ()
E: is Removable
I: is NetworkDisk (NTFS) - 108 GiB total, 83.124 GiB free.
X: is NetworkDisk (NTFS) - 75 GiB total, 28.999 GiB free.
Z: is NetworkDisk (NTFS) - 108 GiB total, 83.124 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SFR2
SupportSoft Assisted Service
Toolbox
Trend Micro OfficeScan Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VixWin PRO
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 4:55:10 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/5/2013 8:36:42 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

#11 leftycarvin


Posted 10 January 2013 - 11:52 AM

TDSSKILL log:
11:25:13.0468 1876 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:25:13.0875 1876 ============================================================
11:25:13.0875 1876 Current date / time: 2013/01/10 11:25:13.0875
11:25:13.0875 1876 SystemInfo:
11:25:13.0875 1876
11:25:13.0875 1876 OS Version: 5.1.2600 ServicePack: 3.0
11:25:13.0875 1876 Product type: Workstation
11:25:13.0875 1876 ComputerName: STA2
11:25:13.0875 1876 UserName: dtech
11:25:13.0875 1876 Windows directory: C:\WINDOWS
11:25:13.0875 1876 System windows directory: C:\WINDOWS
11:25:13.0875 1876 Processor architecture: Intel x86
11:25:13.0875 1876 Number of processors: 2
11:25:13.0875 1876 Page size: 0x1000
11:25:13.0875 1876 Boot type: Normal boot
11:25:13.0875 1876 ============================================================
11:25:14.0437 1876 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:25:14.0437 1876 ============================================================
11:25:14.0437 1876 \Device\Harddisk0\DR0:
11:25:14.0437 1876 MBR partitions:
11:25:14.0437 1876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0x94CF8B1
11:25:14.0437 1876 ============================================================
11:25:14.0484 1876 C: <-> \Device\Harddisk0\DR0\Partition1
11:25:14.0484 1876 ============================================================
11:25:14.0484 1876 Initialize success
11:25:14.0484 1876 ============================================================
11:25:18.0781 2836 ============================================================
11:25:18.0781 2836 Scan started
11:25:18.0781 2836 Mode: Manual;
11:25:18.0781 2836 ============================================================
11:25:19.0484 2836 ================ Scan system memory ========================
11:25:20.0781 2836 System memory - ok
11:25:20.0781 2836 ================ Scan services =============================
11:25:28.0640 2836 NtLmSsp - ok
11:25:28.0687 2836 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:25:28.0718 2836 NtmsSvc - ok
11:25:28.0828 2836 [ 377A60F10B472ABBA413FC41CBEB793E ] ntrtscan C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
11:25:28.0875 2836 ntrtscan - ok
11:25:28.0875 2836 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:25:28.0890 2836 Null - ok
11:25:28.0906 2836 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:25:28.0937 2836 NwlnkFlt - ok
11:25:28.0937 2836 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:25:28.0968 2836 NwlnkFwd - ok
11:25:29.0140 2836 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:25:29.0187 2836 odserv - ok
11:25:29.0250 2836 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:25:29.0281 2836 ose - ok
11:25:29.0312 2836 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:25:29.0328 2836 Parport - ok
11:25:29.0343 2836 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:25:29.0343 2836 PartMgr - ok
11:25:29.0359 2836 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:25:29.0375 2836 ParVdm - ok
11:25:29.0390 2836 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:25:29.0390 2836 PCI - ok
11:25:29.0390 2836 PCIDump - ok
11:25:29.0390 2836 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:25:29.0406 2836 PCIIde - ok
11:25:29.0437 2836 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:25:29.0468 2836 Pcmcia - ok
11:25:29.0468 2836 PDCOMP - ok
11:25:29.0468 2836 PDFRAME - ok
11:25:29.0468 2836 PDRELI - ok
11:25:29.0468 2836 PDRFRAME - ok
11:25:29.0484 2836 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:25:29.0515 2836 perc2 - ok
11:25:29.0531 2836 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:25:29.0546 2836 perc2hib - ok
11:25:29.0562 2836 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:25:29.0578 2836 PlugPlay - ok
11:25:29.0609 2836 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:25:29.0625 2836 Pml Driver HPZ12 - ok
11:25:29.0625 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:25:29.0625 2836 PolicyAgent - ok
11:25:29.0671 2836 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:25:29.0687 2836 PptpMiniport - ok
11:25:29.0687 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:25:29.0687 2836 ProtectedStorage - ok
11:25:29.0687 2836 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:25:29.0718 2836 PSched - ok
11:25:29.0718 2836 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:25:29.0750 2836 Ptilink - ok
11:25:29.0781 2836 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:25:29.0781 2836 PxHelp20 - ok
11:25:29.0796 2836 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:25:29.0828 2836 ql1080 - ok
11:25:29.0843 2836 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:25:29.0875 2836 Ql10wnt - ok
11:25:29.0875 2836 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:25:29.0906 2836 ql12160 - ok
11:25:29.0906 2836 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:25:29.0937 2836 ql1240 - ok
11:25:29.0968 2836 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:25:30.0000 2836 ql1280 - ok
11:25:30.0015 2836 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:25:30.0031 2836 RasAcd - ok
11:25:30.0046 2836 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:25:30.0062 2836 RasAuto - ok
11:25:30.0093 2836 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:25:30.0109 2836 Rasl2tp - ok
11:25:30.0125 2836 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:25:30.0156 2836 RasMan - ok
11:25:30.0171 2836 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:25:30.0187 2836 RasPppoe - ok
11:25:30.0218 2836 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:25:30.0234 2836 Raspti - ok
11:25:30.0250 2836 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:25:30.0250 2836 Rdbss - ok
11:25:30.0250 2836 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:25:30.0265 2836 RDPCDD - ok
11:25:30.0281 2836 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:25:30.0312 2836 rdpdr - ok
11:25:30.0359 2836 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:25:30.0375 2836 RDPWD - ok
11:25:30.0406 2836 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:25:30.0453 2836 RDSessMgr - ok
11:25:30.0484 2836 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:25:30.0500 2836 redbook - ok
11:25:30.0562 2836 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:25:30.0578 2836 RemoteAccess - ok
11:25:30.0609 2836 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:25:30.0625 2836 RemoteRegistry - ok
11:25:30.0640 2836 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:25:30.0640 2836 RpcLocator - ok
11:25:30.0671 2836 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:25:30.0671 2836 RpcSs - ok
11:25:30.0703 2836 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:25:30.0734 2836 RSVP - ok
11:25:30.0765 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:25:30.0781 2836 SamSs - ok
11:25:30.0781 2836 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:25:30.0828 2836 SCardSvr - ok
11:25:30.0859 2836 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:25:30.0890 2836 Schedule - ok
11:25:30.0906 2836 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:25:30.0921 2836 Secdrv - ok
11:25:30.0968 2836 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:25:30.0984 2836 seclogon - ok
11:25:31.0000 2836 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:25:31.0015 2836 SENS - ok
11:25:31.0015 2836 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:25:31.0031 2836 Serenum - ok
11:25:31.0046 2836 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:25:31.0062 2836 Serial - ok
11:25:31.0093 2836 [ B6401608579B6431994425BA7653F774 ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
11:25:31.0093 2836 SFAUDIO - ok
11:25:31.0140 2836 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:25:31.0156 2836 Sfloppy - ok
11:25:31.0171 2836 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:25:31.0171 2836 ShellHWDetection - ok
11:25:31.0187 2836 Simbad - ok
11:25:31.0218 2836 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:25:31.0234 2836 sisagp - ok
11:25:31.0265 2836 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:25:31.0281 2836 Sparrow - ok
11:25:31.0312 2836 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:25:31.0328 2836 splitter - ok
11:25:31.0359 2836 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:25:31.0359 2836 Spooler - ok
11:25:31.0375 2836 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:25:31.0375 2836 sr - ok
11:25:31.0406 2836 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:25:31.0437 2836 srservice - ok
11:25:31.0468 2836 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:25:31.0468 2836 Srv - ok
11:25:31.0500 2836 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:25:31.0515 2836 SSDPSRV - ok
11:25:31.0546 2836 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:25:31.0578 2836 stisvc - ok
11:25:31.0609 2836 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:25:31.0640 2836 stllssvr - ok
11:25:31.0656 2836 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:25:31.0671 2836 swenum - ok
11:25:31.0703 2836 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:25:31.0734 2836 swmidi - ok
11:25:31.0734 2836 SwPrv - ok
11:25:31.0765 2836 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:25:31.0781 2836 symc810 - ok
11:25:31.0812 2836 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:25:31.0828 2836 symc8xx - ok
11:25:31.0859 2836 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:25:31.0875 2836 sym_hi - ok
11:25:31.0906 2836 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:25:31.0937 2836 sym_u3 - ok
11:25:31.0953 2836 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:25:31.0968 2836 sysaudio - ok
11:25:31.0984 2836 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:25:32.0031 2836 SysmonLog - ok
11:25:32.0046 2836 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:25:32.0062 2836 TapiSrv - ok
11:25:32.0078 2836 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:25:32.0125 2836 Tcpip - ok
11:25:32.0156 2836 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:25:32.0171 2836 TDPIPE - ok
11:25:32.0203 2836 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:25:32.0218 2836 TDTCP - ok
11:25:32.0250 2836 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:25:32.0265 2836 TermDD - ok
11:25:32.0312 2836 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:25:32.0343 2836 TermService - ok
11:25:32.0343 2836 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:25:32.0359 2836 Themes - ok
11:25:32.0359 2836 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:25:32.0406 2836 TlntSvr - ok
11:25:32.0437 2836 [ 1051552187AA5AF6FA9742E020F53EAF ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
11:25:32.0453 2836 tmactmon - ok
11:25:32.0500 2836 [ AC037F9146D424A6488FF602FC059F46 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
11:25:32.0531 2836 TMBMServer - ok
11:25:32.0546 2836 [ 039CCB9984CD0AC6C7EADC42325CC83B ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
11:25:32.0578 2836 tmcomm - ok
11:25:32.0578 2836 [ 4580ACFA42D96F7A6BDF21C5F2F6523C ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
11:25:32.0609 2836 tmevtmgr - ok
11:25:32.0640 2836 [ 6341531EE7FE1CE4C116C849BE02534F ] TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
11:25:32.0703 2836 TmFilter - ok
11:25:32.0765 2836 [ 40741AC21F571EC88B20B23B7CB93882 ] tmlisten C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
11:25:32.0796 2836 tmlisten - ok
11:25:32.0828 2836 [ 0DE3104387D312EA8B096D97305430D0 ] TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
11:25:32.0859 2836 TmPreFilter - ok
11:25:32.0921 2836 [ D0106A3B4B396046996B8DE3D4386110 ] TmProxy C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
11:25:32.0953 2836 TmProxy - ok
11:25:32.0984 2836 [ 5F7F63884A8547981EE379B8C0FB3312 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
11:25:33.0000 2836 tmtdi - ok
11:25:33.0015 2836 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:25:33.0031 2836 TosIde - ok
11:25:33.0062 2836 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:25:33.0078 2836 TrkWks - ok
11:25:33.0093 2836 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:25:33.0125 2836 Udfs - ok
11:25:33.0140 2836 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:25:33.0171 2836 ultra - ok
11:25:33.0250 2836 [ 24EF4A75726C803738FFA90BFC626DD0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
11:25:33.0296 2836 UNS - ok
11:25:33.0312 2836 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:25:33.0359 2836 Update - ok
11:25:33.0406 2836 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:25:33.0437 2836 upnphost - ok
11:25:33.0453 2836 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:25:33.0468 2836 UPS - ok
11:25:33.0500 2836 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:25:33.0515 2836 usbccgp - ok
11:25:33.0515 2836 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:25:33.0531 2836 usbehci - ok
11:25:33.0562 2836 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:25:33.0593 2836 usbhub - ok
11:25:33.0625 2836 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:25:33.0640 2836 usbprint - ok
11:25:33.0687 2836 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:25:33.0687 2836 usbscan - ok
11:25:33.0718 2836 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:25:33.0734 2836 USBSTOR - ok
11:25:33.0750 2836 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:25:33.0765 2836 usbuhci - ok
11:25:33.0812 2836 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:25:33.0828 2836 VgaSave - ok
11:25:33.0828 2836 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:25:33.0859 2836 viaagp - ok
11:25:33.0875 2836 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:25:33.0890 2836 ViaIde - ok
11:25:33.0906 2836 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:25:33.0906 2836 VolSnap - ok
11:25:33.0968 2836 [ 1C0A7FF6CA0F21E26AD34377A56C9B4F ] VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
11:25:34.0015 2836 VSApiNt - ok
11:25:34.0031 2836 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:25:34.0093 2836 VSS - ok
11:25:34.0125 2836 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
11:25:34.0125 2836 w32time - ok
11:25:34.0140 2836 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:25:34.0156 2836 Wanarp - ok
11:25:34.0171 2836 WDICA - ok
11:25:34.0171 2836 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:25:34.0203 2836 wdmaud - ok
11:25:34.0218 2836 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:25:34.0234 2836 WebClient - ok
11:25:34.0312 2836 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:25:34.0328 2836 winmgmt - ok
11:25:34.0359 2836 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:25:34.0375 2836 WmdmPmSN - ok
11:25:34.0437 2836 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:25:34.0453 2836 Wmi - ok
11:25:34.0468 2836 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:25:34.0484 2836 WmiAcpi - ok
11:25:34.0500 2836 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:25:34.0531 2836 WmiApSrv - ok
11:25:34.0625 2836 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:25:34.0750 2836 WMPNetworkSvc - ok
11:25:34.0843 2836 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:25:34.0953 2836 WPFFontCache_v0400 - ok
11:25:34.0984 2836 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:25:35.0015 2836 wscsvc - ok
11:25:35.0015 2836 WSearch - ok
11:25:35.0046 2836 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:25:35.0062 2836 WudfPf - ok
11:25:35.0078 2836 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:25:35.0093 2836 WudfRd - ok
11:25:35.0109 2836 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:25:35.0140 2836 WudfSvc - ok
11:25:35.0187 2836 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:25:35.0187 2836 WZCSVC - ok
11:25:35.0203 2836 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:25:35.0234 2836 xmlprov - ok
11:25:35.0234 2836 ================ Scan global ===============================
11:25:35.0265 2836 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:25:35.0328 2836 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:25:35.0375 2836 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:25:35.0375 2836 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:25:35.0390 2836 [Global] - ok
11:25:35.0390 2836 ================ Scan MBR ==================================
11:25:35.0406 2836 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:25:35.0906 2836 \Device\Harddisk0\DR0 - ok
11:25:35.0906 2836 ================ Scan VBR ==================================
11:25:35.0906 2836 [ 06B3359E093DC99B562BC2145DC59F99 ] \Device\Harddisk0\DR0\Partition1
11:25:35.0906 2836 \Device\Harddisk0\DR0\Partition1 - ok
11:25:35.0906 2836 ============================================================
11:25:35.0906 2836 Scan finished
11:25:35.0906 2836 ============================================================
11:25:35.0921 2444 Detected object count: 0
11:25:35.0921 2444 Actual detected object count: 0
11:25:47.0140 3808 Deinitialize success

ASW log:
swMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 11:45:07
-----------------------------
11:45:07.171 OS Version: Windows 5.1.2600 Service Pack 3
11:45:07.171 Number of processors: 2 586 0x170A
11:45:07.171 ComputerName: STA2 UserName:
11:45:07.468 Initialize success
11:45:13.906 AVAST engine defs: 13011000
11:45:39.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:45:39.187 Disk 0 Vendor: ST380815 4.AD Size: 76293MB BusType: 3
11:45:39.218 Disk 0 MBR read successfully
11:45:39.218 Disk 0 MBR scan
11:45:39.250 Disk 0 Windows VISTA default MBR code
11:45:39.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
11:45:39.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76191 MB offset 192780
11:45:39.281 Disk 0 scanning sectors +156232125
11:45:39.406 Disk 0 scanning C:\WINDOWS\system32\drivers
11:45:52.453 Service scanning
11:46:10.343 Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
11:46:10.578 Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
11:46:12.250 Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
11:46:14.218 Modules scanning
11:46:17.312 Disk 0 trace - called modules:
11:46:17.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:46:17.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af3a030]
11:46:17.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a9b7028]
11:46:17.765 AVAST engine scan C:\WINDOWS
11:46:21.796 AVAST engine scan C:\WINDOWS\system32
11:50:52.515 AVAST engine scan C:\WINDOWS\system32\drivers
11:51:07.765 AVAST engine scan C:\Documents and Settings\dtech
11:51:09.921 File: C:\Documents and Settings\dtech\Application Data\Ahly\yknie.exe **INFECTED** Win32:Zbot-QGO [Trj]
11:55:06.906 AVAST engine scan C:\Documents and Settings\All Users
11:57:16.984 Scan finished successfully
12:12:53.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dtech\Desktop\MBR.dat"
12:12:53.890 The log file has been saved successfully to "C:\Documents and Settings\dtech\Desktop\aswMBR.txt 1-10-13.txt"

#12 Conspire

Posted 10 January 2013 - 10:30 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#13 leftycarvin

Posted 11 January 2013 - 08:38 AM

Do you want me to run ComboFix with the network trendoffice running in the background as before, or do you want me to try to disable the Trend at the server? At this point only one of the satellite computers has the malware problem. I will send the log Monday 1-14 or Tuesday 1-15.

#14 Conspire

Posted 12 January 2013 - 03:24 AM

Run it with Trend Micro running first. Disable the Trend Micro network server if it doesn't run.

#15 leftycarvin

Posted 15 January 2013 - 10:27 AM

The ComboFix log - ran fine with OfficeScan on.


Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3292.2877 [GMT -5:00]
Running from: c:\documents and settings\dtech\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dtech\Application Data\Ahly
c:\documents and settings\dtech\Application Data\Ahly\yknie.exe
c:\documents and settings\dtech\GoToAssistDownloadHelper.exe
c:\documents and settings\dtech\WINDOWS
c:\windows\system32\SET23.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-15 15:17 . 2013-01-15 15:17 -------- d-----w- c:\windows\LastGood
2013-01-15 14:35 . 2013-01-15 15:15 -------- d-----w- c:\windows\SxsCaPendDel
2012-12-27 23:26 . 2012-12-27 23:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-27 22:43 . 2012-12-27 22:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-27 22:43 . 2012-12-27 22:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-12-27 22:43 . 2012-12-27 22:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-12-20 13:44 . 2012-12-20 13:44 22064 ----a-w- c:\windows\DCEBoot.exe
2012-12-19 21:53 . 2013-01-09 01:37 181808 ----a-w- c:\windows\RegBootClean.exe
2012-12-19 21:52 . 2013-01-02 16:25 -------- d-----w- c:\documents and settings\dtech\Application Data\Eqto
2012-12-19 21:52 . 2012-12-19 21:52 -------- d-----w- c:\documents and settings\dtech\Application Data\Heacv
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 23:28 . 2008-04-25 16:16 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-12-14 21:49 . 2012-07-03 17:13 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-25 16:16 290560 ------w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 19:42 . 2012-10-30 19:42 1409 ----a-w- c:\windows\QTFont.for
2012-10-23 13:01 . 2012-10-23 13:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 13:01 . 2011-07-27 15:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-27 22:43 . 2012-03-20 21:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-09-01 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-11 141336]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-19 796184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-08-29 1105744]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2009-11-15 324976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
DelTemp.exe [2010-9-1 412672]
DelTemp.lnk - C:\DelTemp.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/21/2009 9:19 PM 24064]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 4:56 AM 133968]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/16/2009 9:37 AM 59152]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [5/22/2009 12:02 AM 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [5/22/2009 12:00 AM 36664]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [8/21/2009 5:35 PM 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/21/2009 9:20 PM 144480]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/23/2009 11:31 AM 689680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-27 15:12]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-27 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
TCP: Interfaces\{D392337D-3174-4613-9D0F-7CE24F86BA43}: NameServer = 10.0.0.10
FF - ProfilePath - c:\documents and settings\dtech\Application Data\Mozilla\Firefox\Profiles\nwf4t6y6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Egpuduos - c:\documents and settings\dtech\Application Data\Ahly\yknie.exe
SafeBoot-06812847.sys
SafeBoot-75285706.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-15 10:26:42
ComboFix-quarantined-files.txt 2013-01-15 15:26
.
Pre-Run: 52,296,216,576 bytes free
Post-Run: 53,343,707,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D1C47CE9738E71AD09B76AE4F1FE4AD6



